CYBER SECURITY ENGINEER

Start Date: 2012-01-01 End Date: 2012-12-01

• Created a methodology for, and assisted in completing, a gap analysis of policies and procedures to ensure compliance with NEI 08-09 (Nuclear Cyber Security).
• Assisted in the creation of an auditing tool to ensure 100% compliance with NEI 08-09 regulations, which was accomplished by mapping regulations to the client's policy and procedure.
• Created a sandbox environment (Windows Server 2008, MySQL) with the Agiliance governance, risk, and compliance (GRC) tool to allow my team and me to learn the tool and assist in streamlining the client's digital asset assessment process.
• Recommended a strategy to ensure maximum ROI with the implementation of the Agiliance GRC tool.
• Assisted in the creation of a Security Control Implementation Strategy (SCIS) with respect to nuclear cyber security regulations.

ENTERPRISE SECURITY ANALYST

Start Date: 2008-06-01 End Date: 2009-06-01

• Worked with a team responsible for the Department of Interior's Minerals Management Service Enterprise IT security in the Herndon and Washington DC areas.
• Performed vulnerability assessments, patch audits, and baseline configurations on servers in the enterprise environment.
• Assisted in ensuring vulnerabilities and other security-related items were remedied appropriately and in a timely manner according to agency standards.
• Worked actively with operating systems and hardware teams to ensure patches were implemented.
• Scanned the network for vulnerabilities on specific VLAN subnets and systems.
• Ensured that the enterprise was in compliance with FISMA standards.
• Created standard enterprise-wide processes and documentation for information security processes.
• Assisted in creating a change management architecture and process.
• Performed connectivity scans to unknown machines that requested access to the network.

Network Systems Administrator

Start Date: 1991-01-01

Subcontract engagement. Provide network and systems integration and administration support. Essential functions for this role include:
• Install end points on the network.
• Perform network and systems administration on LANs/WANs.
• Perform systems integration and configuration.
• Provide on-site support in a help desk capacity during a major systems migration.
• Work within a team tasked with standing up the mid continent data center.
• Configure, test and integrate file and application servers, end-user workstations, and COTS software.
• Provide end user support working in a help desk capacity.

Scope Toolsets/Technologies: System administration applications within the OS/2 Operating Environment, TCP/IP, Token Ring, Wintel

Senior Security Engineer (PLXSert / Prolexic)

Start Date: 2014-09-01 End Date: 2015-04-20

- DDoS & Vulnerability research
- Malware research (static, dynamic, and reversing)
- Forensics
- OSINT
- Systems, Labs, and PoC work
- Threat intelligence
- Emerging threats research

My work within the PLXSert team is pretty broad; I cover projects ranging from fingerprinting attacks and attribution back to known botnets, malware, and exploits to building custom dashboards and internal systems for processing and handling data. On a day-to-day basis I might cover everything from analyzing and reversing a piece of malware to producing a PoC attack for use within our lab to doing general research of various systems and attack data. I get to spend my time in the trenches getting my hands dirty with a variety of tools, platforms, and languages, and I wouldn't have it any other way.

Some notable projects while working within the PLXSert include custom development for large scale scanning, research, intelligence gathering and intelligence confirmation (Python, Scapy, Bash, Linux, nmap, masscan, & ZMap). I was instrumental in some reversing and fingerprinting efforts for tricky malware samples (Immunity debugger, Linux, Python, XAMPP, PHP, VMware, VirtualBox, Windows XP/7, CFF Explorer, FakeNet, RegShot, tcpdump, tshark, Wireshark, WinDump, Process Hacker, etc.). I discovered a yet-to-be-disclosed vulnerability in a popular protocol (coming soon!). Using OSINT, I was able to acquire hundreds of underground samples of malicious software (C2s, bots, malware source, etc.) and gather intel on existing and emerging threats, and helped link them back to real attacks on customer assets... and more.

Advisories that I played a key role in include:
- Joomla Reflection DDoS-for-Hire
- MS SQL Reflection DDoS
- Yummba Webinject Tools
- Shellshock Bash Bug DDoS Botnet
- SSDP Reflection DDoS Attacks

(http://www.stateoftheinternet.com/resources-cyber-security-ddos-threat-advisories.html)

Information Operations Planner / Intelligence Analyst

Start Date: 2012-08-01 End Date: 2013-10-01

Responsibilities
• Serve as a subject matter expert on parameters of Information Operations (IO) and the multifaceted levels of military operations within the Pacific Command (USPACOM) and Northern Command (USNORTHCOM) regions
• Responsible for advising on, coordinating, leading, monitoring, and tracking strategic, operational and tactical level command IO activities throughout the full range of military operations to include: irregular warfare, amphibious operations, expeditionary/contingency operations, and major combat operations
• Responsible for leading a team of military intelligence analysts in order to integrate the various information related capabilities associated with "full-spectrum" IO to include: Computer Network Operations (Computer network attack, defense and exploitation), Operational Security (OPSEC), Information Assurance (IA), Electronic Warfare (EA/ED/ES), Military Deception (MILDEC/Counter), Military Information Support Team Ops (MISO/PSYOPS), Targeting, Intelligence Integration (IPB/HUMINT/CI), Civil Military Operations (CMO/CA), Public Affairs (PAO) and Combat Camera (COMCAM) in support of MCIOC planning teams, MAGTFs and other Marine Corps Commands during pre-deployment exercises, contingencies and large scale, multi-echelon military operations
• Prepare, develop, review, evaluate, and assess Combined Information Overlays, IO objective and tasking plans, concepts of support, and Operational Order annexes and appendixes in support of forward-deployed operations.
• Provide concept development and implementation of shaping operations that integrate the different elements of cultural analysis (anthropology, psychology, religion, and tribal/clan dynamics)
• Conduct independent analysis of information operations requirements and evaluate capabilities to meet these requirements.

All Source Intelligence Analyst

Start Date: 2007-11-01 End Date: 2011-01-01

Responsibilities
• In daily liaison and collaboration for projects regarding high profile international affairs with senior personnel within the Department of Defense's various counterterrorism, intelligence, and security components to include the Defense Intelligence Agency, Central Intelligence Agency, National Geospatial-Intelligence Agency, National Reconnaissance Office, National Security Agency and the military service components
• Collaborate on sensitive programs and projects in the fields of Detainee Affairs, Biometrics, Human Intelligence, Intelligence Analytics, Technical Collections, High Valued Target acquisitions, Science and Technical Intelligence, Cyber Security, Counter Threat Finance and various Weapon and Technology Research and Development teams
• Attend and present at various briefings in the National Capital Region as official USD(I) representation and contribute collective knowledge to assist with refining various DoD (IC) policy and directive initiatives
• Manage and coordinate domestic and international travel requests to include NATO collaboration, Defense Travel System, CWT/SATO travel, Area/Theatre/Special clearance requests, and internal training for foreign area travel
• Appointment as SCIF Office Security Manager and responsible for ensuring all provisions, regulations and information security protocols are strictly enforced
• Involved in both acknowledged and other Special Access Programs (SAPs)

Senior Intelligence Analyst

Start Date: 2012-01-01 End Date: 2013-01-01

• Conducted in-depth research and analysis of data and produced intelligence reports and assessments in collaboration with other analysts, while meeting tight production deadlines and adhering to strict quality guidelines.
• Utilized numerous US government, open source, and other databases to research, review, evaluate, and integrate all source data (HUMINT, SIGINT, IMINT, MASINT, OSINT) into fused all-source products for the combatant end-users.
• Performed pattern, trend, and link diagram analysis in order to identify insurgent networks employing IEDs (Improvised Explosive Devices) as well as identify their supply chains, financial networks, and other critical enablers.
• Deployed to Afghanistan from March 2013 to September 2013 as a COIC analyst in support of Task Force Vanguard in Logar and Wardak Provinces.

The Experts: IT Field Services Engineer. Deployed to Bagram AFB, Afghanistan to support Hewlett Packard's Cloud computing POD (Performance Optimized Data Center) purchased for the US Army. This project was considered mission critical for the Army's DCGS-A operations. Duties included initial setup, installation and support for the HP (POD), implementing network availability and initializing security services performance on the entire unit, customized design and consulting for complex network architectures, which included environment direct access services and site assessment, modeling and surveying of location.

Senior Systems Analyst: NOSC Engineering Section with General Dynamics. Duties were to perform a site analysis regarding secured wireless connectivity that would support aircraft maintenance facilities for many AF bases. Primary duty was to ensure that the Air Force Training Command was following network security policies dictated by NIST, NSA, DISA STIGs, and Air Force guidelines and procedures. Responsible for expert analysis of network data from various Air Force bases and civilian customers, identifying malicious activity including attempted and actual intrusions, system and network scanning, information gathering, and poor security practices, among other events. Conducted vulnerability assessment (OLS or On-line Survey) of Air Force systems and networks connected to the Internet (MILNET), and reported results to HQ USAF, MAJCOM commanders and their units.

AFCERT Operations Site Lead/Senior Systems Analyst: Duties performed for this position included system administration, designing, developing, implementing and maintaining operational systems and tools for the Air Force Computer Emergency Response Team. Programs utilized for this position include Oracle database systems, advanced intrusion detection systems, IDS, GUI interfaces, Internet and Intranet applications and incident response tools to protect Air Force networks. This position required managing several personnel in the department. Further duties included identifying, utilizing, and supervising matrix support conducting risk assessments associated with the development of a wide-area network, and identifying and addressing vulnerabilities within the architecture, individual components, and software subsystems that comprise the network.

Ingenium Corporation and RCF Inc: Project Manager/Site Lead Systems Analyst: Performed UNIX system administration for the LOGDIS (Logistics Data Integration Systems) Project. This Project supported 7000+ users at Kelly AFB, Texas on several Tier and Mid Tier UNIX platforms. Duties included system administration for the LOGDIS Project. The following applications and services were utilized in order to perform the duties as the system administrator for this project: Domain Name Service administration (DNS) (Bind, NIS+), LAN, WAN, Usenet News (NNTP), and Directory Services administration. Duties further included diagnosing system hardware and software failures, and monitoring systems security. This includes software support and development utilizing the following: C/C++, Perl, and Shell Programming. Further duties required systems integration, migration, upgrades, patches, software conversions, and Ingres database support. Provided customer service and technical support to the user community and to the network staff as well as managing and training contractor personnel on site. Administrative responsibilities included preparing a detailed monthly status report that was sent to the Project headquarters for review.

All-Source Intelligence Analyst

Timestamp: 2015-12-26

Serving as an All-source Intelligence Analyst for over eight years, I have become proficient in the application and understanding of the Intelligence Cycle. I possess a comprehensive understanding of counter insurgency/terrorism analysis, law enforcement functions/tactics, illicit activities (corruption and links to the insurgency) and narcotics trafficking personalities/organizations. My experience focuses on preparing and presenting all-source intelligence summaries, briefings, estimates, targeting packets, and visual graphic presentations, to include nodal analysis and exploitation of detainees, documents and media to convey the current common operating picture to key leadership (typically in fast-paced, time-sensitive environments). My experience ranges from supporting conventional units (Company level to Division level) to operating with and in support of Special Operations Forces both Foreign and Domestic. I have recently acquired my B.S. in Cybersecurity with a minor in Homeland Security and am currently pursuing an M.S. in Digital Forensics and Cyber Investigations. My intent is to fuse my all-source analytical experience into the world of Information Security/Assurance and its applicability in Homeland Security.

Intelligence Specialist

Start Date: 2007-05-01 End Date: 2012-04-01

— Honorable Discharge —

Deployed to Afghanistan in support of OEF (2011 – 2012) and Iraq in support of OIF (2009 – 2010)
- Produced battlespace intelligence update briefs to the Commanding Officer and his Staff.
- Assisted in the development of Joint Prioritized Effects List (JPEL) targets and nomination of prominent targets.
- Served as the Intelligence Liaison Non-Commissioned Officer (NCO) between United States Forces and Foreign Special Operations Forces ensuring the cooperation between ground units and supporting commands, resulting in multiple successful raids.
- Performed duties as the Information Management NCO ensuring the collection and dissemination of all intelligence products.
- Supervised and trained a team of six subordinate analysts, provided constant review of products produced and assigned tasks as appropriate.

Cyber Security Engineer - Viewpost, LLC

Cyber Security Engineer

Start Date: 2014-07-01

• Managed and conducted phishing campaigns across the organization in order to increase security awareness; part of this effort is responsible for winning the Elite 2015 CSO50 Award.
• Member of the Penetration Testing Team. In charge of finding and exploiting vulnerabilities (creation of Proof of Concepts) within the Viewpost environment by using Nessus, nmap, Kali Linux tools, and Python as the scripting language.
• Protection of the corporate infrastructure from infiltration or exfiltration as a part of the Security Operations Center (SOC) and SIRT.
• Perform daily checks of the security appliances that are deployed throughout the organization like IDSs, IPSs, HIPs, OS, AVs, and WAFs among others, looking for anomalies on our network traffic in an effort to locate and remediate unauthorized activity.
• Monitor information security alerts through the use of SIEM to respond, triage, and escalate as needed.
  o Convert data into actionable information in a timely manner by correlating alert information from different appliances like Splunk, McAfee, FireEye, SourceFire, PaloAlto Network firewalls, Confer, Websense, 2FA (Duo), BYOD (AirWatch), File Integrity Monitoring (Bit9), Secure E-mail Gateway and Data Loss Prevention (Proofpoint), WAF (F5), VPN (Juniper)
  o Daily check of Open-source intelligence (OSINT) that could provide some intel on threats that could directly impact the organization.
  o Process automation by the creation of tools in order to accelerate the triage cycle.
    • IRT email analysis. This is an Outlook Plugin that I created in Visual Studio .NET 2010 that allowed the team to gather key information from external and internal emails.
    • Splunk Alert and Dashboards.
    • A PowerShell script that checked the local accounts password age on devices and workstations across the environment.
  o Key member of the Digital Forensic Team, where I assisted on the creation of multiple SOPs for all the Forensic evidence handling mechanisms, chain of custody, etc.